Every HTTP call to your endpoint becomes a request record with full metadata and a stored body.
What gets captured
| Field | Description |
|---|---|
method | HTTP verb — GET, POST, PUT, PATCH, DELETE, etc. |
headers | All request headers as a JSON object |
query | Parsed query string parameters |
content_type | Value of the Content-Type header, if present |
body_size_bytes | Size of the raw body in bytes |
source_ip | Sender’s IP address |
created_at | UTC timestamp when the request arrived |
The raw body is stored separately in Cloudflare R2 at payloads/{organization_id}/{endpoint_id}/{request_id}. The database stores metadata only — never the body inline.
What doesn’t get captured
- Response bodies from your forward target (only status code and timing)
- Requests to paused endpoints (rejected before capture)
- Bodies exceeding your plan’s payload limit (rejected with
413)
Viewing requests
Dashboard
The endpoint detail page shows a live stream of incoming requests, newest first. Click any row to open the full inspector with headers, query, and body panels.
Realtime updates use Supabase Realtime — new requests appear within about a second without refreshing.
API
List requests for an endpoint:
curl -s "https://api.hookdeploy.dev/v1/endpoints/ENDPOINT_ID/requests?limit=10" \
-H "Authorization: Bearer hd_live_YOUR_KEY"Get a single request:
curl -s "https://api.hookdeploy.dev/v1/endpoints/ENDPOINT_ID/requests/REQUEST_ID" \
-H "Authorization: Bearer hd_live_YOUR_KEY"Request bodies are not returned via the API yet. The response includes:
{
"body_url": null,
"body_note": "Request body is not available via the API yet. View the body in the HookDeploy dashboard."
}View bodies in the dashboard inspector for now.
Retention
Requests are automatically deleted after the retention period for your plan. Retention is measured from created_at.
| Plan | Retention |
|---|---|
| Free | 7 days |
| Starter | 30 days |
| Team | 90 days |
| Enterprise | 365 days |
There is no manual “archive” — plan your replays and exports before retention expires. Enterprise customers can negotiate longer retention.
Payload limits
Each plan caps the maximum request body size at ingestion time. Bodies larger than the limit are rejected before storage:
HTTP/1.1 413 Payload Too Large
Content-Type: application/json
{"error":"payload too large"}The sender receives 413. Nothing is stored.
| Plan | Max payload |
|---|---|
| Free | 256 KB |
| Starter | 1 MB |
| Team | 25 MB |
| Enterprise | 100 MB |
The ingestion Worker reads the body up to the limit using a streaming check — it doesn’t buffer oversized payloads in memory.
Monthly request limits
Each organization has a monthly request quota counted across all endpoints:
| Plan | Requests/month |
|---|---|
| Free | 500 |
| Starter | 25,000 |
| Team | 500,000 |
| Enterprise | Unlimited |
Usage is tracked in usage_counters per calendar month. When exceeded, new requests to any endpoint return:
HTTP/1.1 429 Too Many Requests
{"error":"plan limit reached"}Check current usage in the dashboard under Billing or via GET /v1/usage.
Forward metadata
If auto-forwarding is enabled, each request record includes forward attempt details:
| Field | Description |
|---|---|
forward_url | URL the request was forwarded to |
forward_attempted_at | When the forward was attempted |
forward_status_code | HTTP status from your server |
forward_response_time_ms | Round-trip time in milliseconds |
forward_error | Error message if the forward failed (timeout, DNS, etc.) |
Forward failure does not affect the 200 response to the original sender.
Deleting requests
Individual request deletion requires the requests.delete permission (admin and super admin only). Deleting an endpoint cascades and removes all its requests.
Next steps
- Forwarding — Auto-proxy behavior and latency
- Replay — Re-send captured requests on demand
- Requests API — List and paginate via the REST API